Ransomware Attack on Success Microfinance Bank by Meow Group

Success Microfinance Bank, a key financial institution in Zimbabwe, has recently been targeted by the notorious ransomware group Meow. The attack has resulted in the compromise of 20 GB of sensitive data, with the attackers demanding a ransom of $6,000 for the decryption key.

About Success Microfinance Bank

Located in Harare, Zimbabwe, Success Microfinance Bank operates as a deposit-taking microfinance institution (DTMFI). Established in 2011 as Collarhedge Finance Private Limited, the bank transitioned to its current form in 2016 after receiving approval from the Reserve Bank of Zimbabwe. The bank focuses on providing financial services to micro, small, and medium enterprises (MSMEs), offering products such as loans, savings accounts, and digital banking services. With approximately 12 employees and an annual revenue of around $7.5 million, the bank plays a crucial role in promoting financial inclusion and economic growth in Zimbabwe.

Details of the Attack

The ransomware attack orchestrated by Meow has severely impacted Success Microfinance Bank's operations. The attackers have encrypted critical data, demanding a ransom for its release. The compromised data includes sensitive information vital to the bank's operations and client services. The attack highlights the vulnerabilities in the bank's cybersecurity infrastructure, which may have been exploited through methods such as phishing emails, exploit kits, or Remote Desktop Protocol (RDP) vulnerabilities.

About Meow Ransomware Group

Meow Ransomware emerged in late 2022 and has been associated with the Conti v2 ransomware variant. The group is known for targeting industries with sensitive data, such as healthcare and financial services. Meow employs various infection methods, including phishing emails and RDP vulnerabilities, to compromise systems. Once a system is compromised, the ransomware encrypts files using a combination of the ChaCha20 and RSA-4096 algorithms. The group maintains a data leak site where they list victims who have not paid the ransom.

Potential Penetration Methods

Meow Ransomware could have penetrated Success Microfinance Bank's systems through several vectors. Common methods include phishing emails that trick employees into downloading malicious attachments, exploiting vulnerabilities in outdated software, or leveraging weak RDP credentials. The bank's focus on digital banking and recent partnership with FinOS for core banking solutions may have introduced new vulnerabilities that were exploited by the attackers.

Sources

• Zimbabwe’s Success Microfinance Bank taps FinOS for core banking
• Dark Web Profile: Meow Ransomware
• Meow Ransomware
• Meow Ransomware
• About Us - Success Microfinance Bank